First I must emphasize that do I like the program but, is it something I've got wrong or is the test file 'eicar.com' really not meant to be detected by the PCTIS OnGuard file scanner?
I've now installed PCTIS on 3 different PCs with the same result every time. 'eicar.com' executes and outputs the text string "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!" without interruption, suggested quarantine or deletion! Anyone else noticed this?
BTW the on-demand and SMTP email scans catch it.

Pete :confused:

Currently running a test on this, I'll get back to you shortly.

Thanks


BTW the on-demand and SMTP email scans catch it

...and also IMAP too (Thunderbird)

Pete,

We have tested PCTIS v5.5.0.119 and eicar.com with kernel compatibility mode enabled and disabled and was able to detect the eicar.com test file. We also tried with FileGuard set to both Processes only and All Files and processes.

I think the possibilities are likely to be:

1. You have OnGuard on, but may have FileGuard off.
2. The copy of the eicar.com file has been corrupted somehow -- Try getting a fresh copy from: http://www.eicar.org
3. Some other bug in OnGuard has cropped up in your copy. Are you using the current 5.5.0.119 version?

Pete,

We have tested PCTIS v5.5.0.119 and eicar.com with kernel compatibility mode enabled and disabled and was able to detect the eicar.com test file. We also tried with FileGuard set to both Processes only and All Files and processes.

I'm using the final release version (unistall RC2 and reinstall). I haven't tried enabling kcm but I did try both Processes and All Files. This sounds silly but what notification do you get eicar.com is detected. I get this:'cmdeicar.jpg' and then this 'cmd-eicar.jpg'. The same thing happens if I double-click on the file it's just too quick to get a screenshot.




I think the possibilities are likely to be:

1. You have OnGuard on, but may have FileGuard off. No, triple-checked.
2. The copy of the eicar.com file has been corrupted somehow -- Try getting a fresh copy from: http://www.eicar.org
I have downloaded a fresh copy multiple times. I first discovered the behaviour because I was interested to see if eicar.com.was detected as it was cached by the browser or written to the HD. Note also that on-demand scan and email guard detect it.
3. Some other bug in OnGuard has cropped up in your copy. Are you using the current 5.5.0.119 version? Yes, but still RC2 on 2 of the PCs.

Changed to Kernel Compatibility mode on all 3 PCs.
Now: 'success.jpg' on all 3.

Question remains: What if it only works in KC mode on other people's PCs too?

Changed to Kernel Compatibility mode on all 3 PCs.
Now: 'success.jpg' on all 3.

Question remains: What if it only works in KC mode on other people's PCs too?

We ran a test on multiple machines (with different environments) and was not able to recreate this issue. I went through one of your earlier posts to see if you were running other security apps, but saw that you didn't. Have you installed anything additional since the first beta?

No, haven't installed anything else since the first IS Beta. Couldn't there be conflict with something installed previously? I'v been trying to think of a common item. E.G. all 3 PCs have UltraVNC server loaded.
Shot from Process Explorer attached.


Enabling KC mode noticeably increases bootup time and scanning of executables.
One of things that I found intriguing about PCTIS but hadn't got around to asking yet, is how it made so little impact on system speed compared to PCTAV. I guess the answer is that without KC mode enabled, it wasn't scanning.
Loading time for my standard test app has increased from 20 to 38 seconds which "coincidentally" is the same as for PC Tools AV.

To help us investigate this further, could you please see PM.

Hi Anthony, Results of test on PC "123" - XP Home SP2.

If that's all ok, please see below:

Here's a problem! No "FilterConnectionPort" entries. 'system_handles.jpg'